25 Nov
2002
25 Nov
'02
8:02 a.m.
Hi, we had a large DDoS over the weekend, I wondered if anyone else has seen this and knows what software is behind it. We saw many hundred thousand packets per second entering our network from various international peers, each packet was tcp destined to a single real end user IP address and sourced from a /16 network address eg 61.254.0.0, where the src was random and different on each packet but always x.x.0.0 I was unable to find out more about the data within the packet, the sheer volume made diagnosis impossible without killing the routers. Steve